Any real overview or feedback or REAL user ?
Real user of what ?
Topic: Ebit e9 miner with 6.8Th/s from Ebang company a new rival for existing producers - page 9. (Read 80457 times)
December 13, 2017, 07:45:30 AM
Real user of what ?
December 13, 2017, 05:36:12 AM
Any real overview or feedback or REAL user ?
Real user of what ?
December 11, 2017, 03:18:04 AM
Any real overview or feedback or REAL user ?
December 10, 2017, 08:26:06 AM
my management station is equally behind a statefull firewall that blocks everything that is not needed, this includes all public Chinese (and Russian for that matter) address space.
And how are you against for example dns-tunneling Mr. Securuty Engineer?
If I was chinese software engineer and I just needed few hundred bytes of traffic to request/receive/execute commands.
security, lol
whatever dude, keep throwing out fancy words, I'm still not sending any btc your way, keep begging
rtfm, Mr. Security Engineer
For your information dns tunneling technology works even in UA aircrafts wifi network. On your preconfigured laptop, for free of course.
Unfortunately bandwidth is not enough even for browsing modern sites 5-10 MB per page with tonnes of js and other crap
But hundreds of bytes/s are good enough for IRC chats (do you know what is it, lol ?) and some other console stuff.
Can it be easily implemented in miner software? - yes.
Thanks for conversation Mr. Security Engineer. Offtopic is closed, everyone made own conclusions
December 09, 2017, 10:05:51 AM
my management station is equally behind a statefull firewall that blocks everything that is not needed, this includes all public Chinese (and Russian for that matter) address space.
And how are you against for example dns-tunneling Mr. Securuty Engineer?
If I was chinese software engineer and I just needed few hundred bytes of traffic to request/receive/execute commands.
security, lol
whatever dude, keep throwing out fancy words, I'm still not sending any btc your way, keep begging
December 09, 2017, 09:39:35 AM
my management station is equally behind a statefull firewall that blocks everything that is not needed, this includes all public Chinese (and Russian for that matter) address space.
And how are you against for example dns-tunneling Mr. Securuty Engineer?
If I was chinese software engineer and I just needed few hundred bytes of traffic to request/receive/execute commands.
security, lol
December 09, 2017, 06:23:00 AM
December 08, 2017, 04:07:39 PM
It is working pretty good without web app at all
For that you need to ssh into it and modify some startup files (here is already explained how)
Everything you need to set (pool addresses?), and get (temp, fan, rate?) - you can do it using snmp. At least no javascript in browser
For that you need to ssh into it and modify some startup files (here is already explained how)
Everything you need to set (pool addresses?), and get (temp, fan, rate?) - you can do it using snmp. At least no javascript in browser
December 08, 2017, 02:45:07 PM
December 08, 2017, 01:03:45 AM
So your telling me that the client that you use to connect to it does not allow connections to the miners. The exploit is in the appweb code itself in the firmware.
You------------------------> Miner
You----Fetch Code-----> Miner.
Does not matter what the Miners are behind because the code is run from the connecting client and then executed on the Miner.
Does not matter what the miners are behind or if your use a vpn to connect to them.
So, Unless you invalidate all ssl certified servers the code has already ran. On every page on every miner you have connected to.
Now is when you say. "Oh Shit".
And for those of us with S9's yea heres the mea culpa from bitmain about there backdoor.
https://enforum.bitmain.com/bbs/topics/4194
You------------------------> Miner
You----Fetch Code-----> Miner.
Does not matter what the Miners are behind because the code is run from the connecting client and then executed on the Miner.
Does not matter what the miners are behind or if your use a vpn to connect to them.
So, Unless you invalidate all ssl certified servers the code has already ran. On every page on every miner you have connected to.
Now is when you say. "Oh Shit".
And for those of us with S9's yea heres the mea culpa from bitmain about there backdoor.
https://enforum.bitmain.com/bbs/topics/4194
You got it, you are definitely not a complete idiot like smart-ass.
Here, to remove the remote exploit of the ebang miners try running this batch file.
Your firewalls are useless against ebangs remote exploit. Here is how to disable it on a per machine basis.
Check every version of firmware with fgrep -r baidu . You will find it in all of them
This is for both windows and windows 64 bit version. Linux users well we already know.
When you can remotely change any javascript variable on a page via remote execution its a bad thing mkay.
https://pastebin.com/raw/euPTXM1g
Update on the last bomb run on root, Currently the mask of 0X00EE-0X00FF on the 16 range pinyin for the root password has begun.
Smartass1 don't bother the code is in batch file and may be to complex for you.
How to tell a smartass is a dumbass, simple a dumbass can at least use cabextract to get one fucking file and follow directions.
Blob conversion of the s9's has begun to be fully gpl compliant.
Don't bother donating to me Ill collect the bounties
Actually if you are running miners behind some NAT (in internal network behind router) - you don't need to worry about firewall I think
You may worry about china soft itself (inbound connections that cgminer make) - for example there are china pools hardcoded for sure
Just now ssh is just very very handy way to manage your miners remotely. And some insurance for cases when WebUI went down.
May be some more things and modifications will come in future (like nxsub support or fan control)
Here, to remove the remote exploit of the ebang miners try running this batch file.
Your firewalls are useless against ebangs remote exploit. Here is how to disable it on a per machine basis.
Check every version of firmware with fgrep -r baidu . You will find it in all of them
This is for both windows and windows 64 bit version. Linux users well we already know.
When you can remotely change any javascript variable on a page via remote execution its a bad thing mkay.
https://pastebin.com/raw/euPTXM1g
Update on the last bomb run on root, Currently the mask of 0X00EE-0X00FF on the 16 range pinyin for the root password has begun.
Smartass1 don't bother the code is in batch file and may be to complex for you.
How to tell a smartass is a dumbass, simple a dumbass can at least use cabextract to get one fucking file and follow directions.
Blob conversion of the s9's has begun to be fully gpl compliant.
Don't bother donating to me Ill collect the bounties
All, there is no need to pay someone for some fancy firmware, put your miners behind a statefull firewall like an ubiquity edgemax ($70) and just block all inside to outside ip connections that have nothing to do with the pool you are using. Manage your miners via an encrypted vpn (ubiquity supports ssl and ipsec) and you are golden.
Actually if you are running miners behind some NAT (in internal network behind router) - you don't need to worry about firewall I think
You may worry about china soft itself (inbound connections that cgminer make) - for example there are china pools hardcoded for sure
Just now ssh is just very very handy way to manage your miners remotely. And some insurance for cases when WebUI went down.
May be some more things and modifications will come in future (like nxsub support or fan control)
im a security network engineer, they can put whatever code in what they want, if i only allow connections from my miners to the public ip addressen I choose (pool of my choice) then these miners can not phone home.
December 07, 2017, 11:52:34 PM
#!/bin/bash
echo "#################Create new auth.conf and snmpd.conf to secure your ebit miner ##########"
echo
echo -n "Enter Username: "
read user
./authpass --cipher md5 --file auth.conf example.com $user adminstrator
echo "New auth.conf created"
echo
cat auth.conf
echo
echo ##########################################################################################
echo "Create snmp.conf ReadOnly/ReadWrite Password"
echo -n "Enter SNMP ReadOnly Commmunity: "
read suser
echo
echo -n "Enter SNMP ReadWrite Commmunity: "
read spass
echo rocommunity $spass > snmpd.conf
echo rwcommunity $suser >> snmpd.conf
echo "New snmpd.conf created"
cat snmpd.conf
echo
echo "#If you would like to help free cgiminer and its api access from the evil ebit empire"
echo "#Please send donations too: 19ZMUgy5KGucLWiehQbo3rzwXWX3EPZpqT .005 btc or more please"
echo "#################Create new auth.conf and snmpd.conf to secure your ebit miner ##########"
echo
echo -n "Enter Username: "
read user
./authpass --cipher md5 --file auth.conf example.com $user adminstrator
echo "New auth.conf created"
echo
cat auth.conf
echo
echo ##########################################################################################
echo "Create snmp.conf ReadOnly/ReadWrite Password"
echo -n "Enter SNMP ReadOnly Commmunity: "
read suser
echo
echo -n "Enter SNMP ReadWrite Commmunity: "
read spass
echo rocommunity $spass > snmpd.conf
echo rwcommunity $suser >> snmpd.conf
echo "New snmpd.conf created"
cat snmpd.conf
echo
echo "#If you would like to help free cgiminer and its api access from the evil ebit empire"
echo "#Please send donations too: 19ZMUgy5KGucLWiehQbo3rzwXWX3EPZpqT .005 btc or more please"
No need for authpass, it's just a md5 hash with no endline/newline char on it in the form of
admin:example.com:yourpasswd
Because they run appweb under the domain example.com, you can change that too in appweb.conf
Don't use a colon in your password!!! Appweb idgits.
Code:
echo
echo "Appweb auth.conf password generator"
echo
echo
echo "Enter userid (no colons!): \c"
read nuser
echo "Enter new Password (no colons!): \c"
read npass
echo "Generating appweb hash for user: $nuser password [$npass]....."
hash=`echo "${nuser}:example.com:${npass}\c" | openssl md5`
echo =================
echo "Your new Hash is : $hash"
echo =================
echo
echo "Place this line in your auth.conf:"
echo =================
echo "User admin $hash administrator"
echo =================
echo
exit 0
I thought about ditching the resolv.conf too, but that seems rather brute-force-ish. The rule on the firewall works great, allow out to your pools via FQDN so you don't need manage the round-robin ip's the pools use, then deny all outbound from your miner group addys.
# From To Priority Source Destination Service Action Users
36 LAN WAN 1 EbitMiner40-50 MinerPools Any Allow All
37 LAN WAN 9 EbitMiner40-50 Any Any Deny All
I have defined on my firewall/router EbitMiner40-50 address object as a range of addresses that only the miners fall in and MinerPools address object as my pools by name, the router will keep track of the various ip's associated with those names
I've had a running trace on 37 to show me exactly what's being blocked..
After dwang is going, nothing, but during dwang startup..watch out, it wants to connect to all kinds of internet ip's, as well as many 192.168 internal ips they must being using in their development office.
I would HIGHLY recommend anyone with a ebang miner to create that rule-set on their firewall. It won't affect it's operation, there's no hack or code required and you don't need to touch your miners or break into them, just some rules to box in your miners so they can only talk to your pools, and keeps your miner from reporting all kinds of stuff to various entities in china.
December 07, 2017, 07:09:58 PM
Has anyone tried to just compile cgminer for arm and see if it picks up the asics on that thing? Never looked into how the mining software actually works, not sure how they talk to the asics.
the dwang crap really needs to go, dirty dirty stuff.
the dwang crap really needs to go, dirty dirty stuff.
December 07, 2017, 06:18:01 PM
Actually I just added a rule to allow to my pools and deny everything else.
The deny everything else has produced about 8 denials/hr/miner to various places, most of which you can ssh to and get a prompt. WTF ebang!?!?!?!?
The deny everything else has produced about 8 denials/hr/miner to various places, most of which you can ssh to and get a prompt. WTF ebang!?!?!?!?
December 07, 2017, 01:25:04 PM
127.0.0.1 it.
I made a rule on my firewall to deny packets from my miner group addresses out to any of these hardcoded BS sites. THe nice thing about that is the firewall keeps track of how many times it was denied and you can see those stats.
So far, hm.baidu.com was only once, it doesn't seem to get called on every page load. The e.g703.cn (114.215.172.52) gets hit every time dwang starts, this one looks bad, it's definitely reporting some crap to this site.
also hardcoded in dwang are several hidden pools, I denied all those too based on fqdn.
stratum+tcp://stratum.f2pool.com:3333
stratum+tcp://stratum.haobtc.com:3333
stratum+tcp://vipebite.btcxo.com:3334
stratum+tcp://stratum.btcchina.com:3333
none of those have been hit though, i think they may only exist to auto fill the details , when you go to the miner config webpage it has radio buttons for haobtc and btcchina (but not the other two???!?!?!?) ... but the rule to deny stays! We'll see if they get hit attempts over time
December 07, 2017, 01:22:44 PM
127.0.0.1 it.
I made a rule on my firewall to deny packets from my miner group addresses out to any of these hardcoded BS sites. THe nice thing about that is the firewall keeps track of how many times it was denied and you can see those stats.
So far, hm.baidu.com was only once, it doesn't seem to get called on every page load. The e.g703.cn (114.215.172.52) gets hit every time dwang starts, this one looks bad, it's definitely reporting some crap to this site.
also hardcoded in dwang are several hidden pools, I denied all those too based on fqdn.
stratum+tcp://stratum.f2pool.com:3333
stratum+tcp://stratum.haobtc.com:3333
stratum+tcp://vipebite.btcxo.com:3334
stratum+tcp://stratum.btcchina.com:3333
none of those have been hit though, i think they may only exist to auto fill the details , when you go to the miner config webpage it has radio buttons for haobtc and btcchina (but not the other two???!?!?!?) ... but the rule to deny stays! We'll see if they get hit attempts over time
December 07, 2017, 08:44:52 AM
Yes you should. These things are shipped with a firmware that is basically a black box, it makes a connection from the inside to the outside. There is a very big misconception that NAT is a security feature
I meant that nobody can control your miner using web/ssh/snmp behind NAT
Of course SW you have running inside OS behind NAT can connect somewhere and after that receive commands
December 07, 2017, 08:15:24 AM
All, there is no need to pay someone for some fancy firmware, put your miners behind a statefull firewall like an ubiquity edgemax ($70) and just block all inside to outside ip connections that have nothing to do with the pool you are using. Manage your miners via an encrypted vpn (ubiquity supports ssl and ipsec) and you are golden.
Actually if you are running miners behind some NAT (in internal network behind router) - you don't need to worry about firewall I think
You may worry about china soft itself (inbound connections that cgminer make) - for example there are china pools hardcoded for sure
Just now ssh is just very very handy way to manage your miners remotely. And some insurance for cases when WebUI went down.
May be some more things and modifications will come in future (like nxsub support or fan control)
Yes you should. These things are shipped with a firmware that is basically a black box, it makes a connection from the inside to the outside. There is a very big misconception that NAT is a security feature
December 07, 2017, 07:11:07 AM
I created FW based on 6.0.20.40. You can download it here
https://www.dropbox.com/s/f05u5oantyk45ki/btc_upgrade_6.0.20.40_mod_root.tar.gz?dl=0
https://drive.google.com/file/d/1IxlJSVQ9RT4VQ7gMhDwIjdOo6MH-4p1Z/view?usp=sharing
please double check sha1hash after downloading
b3a851093dc13eafe3e0f48bc0f2557c21ad2267 btc_upgrade_6.0.20.40_mod_root.tar.gz
I see unclaimed root password changes. Don't be shy, ask for them in PM or here (provide mac address and time you rebooted your miner after flashing)
December 07, 2017, 05:04:50 AM
WHen I turned on packet monitor , during dwang startup I've found they are reporting or trying to report something to:
get ipaddr : 114.215.172.52officail name : e.g703.cn
their_ipaddr =114.215.172.52
that IP.
It comes back to some
Aliyun Computing Co.
City:
Hangzhou
Country:
China
It's live, you can ssh there.
I made a policy on my main router to send that address to oblivion.
get ipaddr : 114.215.172.52officail name : e.g703.cn
their_ipaddr =114.215.172.52
that IP.
It comes back to some
Aliyun Computing Co.
City:
Hangzhou
Country:
China
It's live, you can ssh there.
I made a policy on my main router to send that address to oblivion.
December 06, 2017, 12:21:40 PM
All, there is no need to pay someone for some fancy firmware, put your miners behind a statefull firewall like an ubiquity edgemax ($70) and just block all inside to outside ip connections that have nothing to do with the pool you are using. Manage your miners via an encrypted vpn (ubiquity supports ssl and ipsec) and you are golden.
Actually if you are running miners behind some NAT (in internal network behind router) - you don't need to worry about firewall I think
You may worry about china soft itself (inbound connections that cgminer make) - for example there are china pools hardcoded for sure
Just now ssh is just very very handy way to manage your miners remotely. And some insurance for cases when WebUI went down.
May be some more things and modifications will come in future (like nxsub support or fan control)
Jump to: